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CLAIMS 

What is claimed is: 

1. A method for use in protecting information in forwarded 
authentication messages, the method comprising: 

encoding data using an encryption key; 

encoding the encryption key using at least one other encryption key; and 
encapsulating the resulting encoded data and the encoded encryption key in 
a forwarded authentication message. 

2. The method as recited in Claim 1, further comprising encoding the 
encryption key a plurality of times using a plurality of other encryption keys, and 
further encapsulating the resulting encoded encryption keys in the authentication 
message. 

3. The method as recited in Claim 1, wherein the authentication 
message includes a Kerberos ticket. 

4. The method as recited in Claim 3, wherein the data includes 
authorization data within the Kerberos ticket. 

5. The method as recited in Claim 1, further comprising: 
providing the authentication message to a service; 
providing the at least one other encryption key to the service; 

causing the service to decode the encoded encryption key using the at least 
one other encryption key; and 
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causing the service to decode the encoded data using the resulting decoded 
encryption key. 

6. A computer-readable medium for use in protecting information in 
forwarded authentication messages, the computer-readable medium having 
computer-executable instructions for performing acts comprising: 

using an encryption key to encode data; 

using at least one other encryption key to encode the encryption key; 
including the resulting encoded data in at least one authentication message; 

and 

including the encoded encryption key in at least one authentication 
message. 

7. The computer-readable medium as recited in Claim 6, wherein 
including the resulting encoded data in at least one authentication message and 
including the encoded encryption key in at least one authentication message, cause 
the resulting encoded data and the encoded encryption key to be included in the 
same authentication message. 

8. The computer-readable medium as recited in Claim 6, further 
comprising computer-executable instructions for encoding the encryption key a 
plurality of times using a plurality of other encryption keys, and further 
encapsulating the resulting encoded encryption keys in at least one authentication 
message. 
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9. The computer-readable medium as recited in Claim 6, wherein the 
authentication message includes a Kerberos ticket. 

10. The computer-readable medium as recited in Claim 9, wherein the 
data includes authorization data within the Kerberos ticket. 

11. The computer-readable medium as recited in Claim 6, further 
comprising computer-executable instructions for: 

providing the authentication message to a service; 

providing the at least one other encryption key to the service; 

causing the service to decode the encoded encryption key using the at least 
one other encryption key; and 

causing the service to decode the encoded data using the resulting decoded 
encryption key. 

12. An apparatus for use in protecting information in forwarded 
authentication messages, the apparatus comprising logic configured to encode data 
using an encryption key, encode the encryption key using at least one other 
encryption key, and encapsulate the resulting encoded data and the encoded 
encryption key in an authentication message. 

13. The apparatus as recited in Claim 12, wherein the logic is further 
configured to encode the encryption key a plurality of times using a plurality of 
other encryption keys, and further encapsulate the resulting encoded encryption 
keys in the authentication message. 
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14. The apparatus as recited in Claim 12, wherein the authentication 
message includes a Kerberos ticket. 

15. The apparatus as recited in Claim 14, wherein the data includes 
authorization data within the Kerberos ticket. 

16. The apparatus as recited in Claim 12, further comprising a least one 
service operatively coupled to receive the authentication message from the logic, 
and configured to decode the encoded encryption key using the at least one other 
encryption key and decode the encoded data using the resulting decoded 
encryption key. 

17. A computer-readable medium having stored thereon an 
authentication message, comprising: 

encoded data; and 

at least one encoded encryption key operatively associated with at least a 
portion of the encoded data. 
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